Thanks, that’s good to hear. If either of those are true, I think it would be acceptable.
I would lean toward default rather than hard limits, only because I doubt anyone here ever changed the values. (Just because I doubt it doesn’t mean it didn’t happen!) *From:* [email protected] [mailto: [email protected]] *On Behalf Of *Brian Desmond *Sent:* Wednesday, August 26, 2015 2:39 PM *To:* [email protected] *Subject:* RE: [NTSysADM] AD LDAP Policies 2012 R2 *I would need to double check but I expect that either a) when it’s zero it honors the default or b) when it’s zero it falls back to the hard max limit. * *From:* [email protected] [ mailto:[email protected] <[email protected]>] *On Behalf Of *Charles F Sullivan *Sent:* Wednesday, August 26, 2015 10:58 AM *To:* [email protected] *Subject:* [NTSysADM] AD LDAP Policies 2012 R2 We have a single domain/forest at Windows 2012 R2 functional level. This began 14 years ago as a Windows 2000 domain. (Actually it was originally migrated from NT 4, but I don’t think that would be a factor.) In checking the LDAP policies using ntdsutil, I see at least 5 settings that are non-default. An example is MaxValRange = 0. The default is 1500. Is there anyone else out there running a Windows 2012 R2 domain who is aware of these settings in their own environment, or who would be willing to check? Particularly helpful may be someone whose domain started out as Windows 2000. Does anyone know if this is expected or normal? Thanks for any help with this. Charlie Sullivan Sr. Windows Systems Administrator
